How to change the default password length in CentOS/RHEL/Fedora

The default password length is usually 8 characters. To improve security, longer passwords can be enforced. Pluggable Authentication Modules (PAM) is used for login authentication. We will change the options of the pam_cracklib module to control how the user authenticates.

Important: Make sure to make a backup of your /lib/security directory and your /etc/pam.d/system-auth before making any changes. Making changes to PAM can cause a system to become inaccessible.

As you can see above, the default password length has been changed from 8 to 10 using the “minlen=10” option.
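To confirm the setting after editing, the following added example (not part of the original article) reads the minlen value back from a PAM file and checks it against a required minimum. The function names `cracklib_minlen` and `minlen_at_least` and the sample file content are constructed for illustration; point the functions at /etc/pam.d/system-auth on a real system.

```shell
#!/bin/sh
# Added example: read back the pam_cracklib minlen value from a PAM file.
# Function names and the sample file content are constructed for illustration.

# Print minlen from the first active password line that loads pam_cracklib.so:
# the number, "unset" (line present, no minlen=) or "absent" (no such line).
cracklib_minlen() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out lines do not count
        $1 ~ /^-?password$/ && /pam_cracklib\.so/ {
            val = "unset"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^minlen=[0-9]+$/) { sub(/^minlen=/, "", $i); val = $i }
            print val; found = 1; exit
        }
        END { if (!found) print "absent" }
    ' "$1"
}

# Succeed only if file $1 sets minlen explicitly to at least $2.
minlen_at_least() {
    current=$(cracklib_minlen "$1")
    case $current in
        ''|*[!0-9]*) return 1 ;;                  # unset or absent
    esac
    [ "$current" -ge "$2" ]
}

# Constructed sample standing in for /etc/pam.d/system-auth.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
# password  requisite   pam_cracklib.so try_first_pass retry=3 minlen=8
password    requisite   pam_cracklib.so try_first_pass retry=3 minlen=10
password    sufficient  pam_unix.so md5 shadow nullok try_first_pass use_authtok
EOF

echo "pam_cracklib minlen: $(cracklib_minlen "$sample")"
if minlen_at_least "$sample" 10; then
    echo "minlen policy met"
else
    echo "minlen policy NOT met"
fi
rm -f "$sample"
```

Running the same check after any later use of authconfig shows whether the minlen option survived the rewrite of system-auth.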

Final Thoughts

Make the changes carefully. If a change is made and the system becomes inaccessible, go into rescue mode and replace the files with the backup files previously created. Once the proper changes have been made to the system-auth file and everything is working as desired, a backup of the new system-auth should be made. If the authconfig command is used, it will overwrite the system-auth file. If a single digit number is used in the password, an extra character must be used in the password.